David H. Freedman and Charles H. Mann
At Large: The Strange Case of the World's Biggest Internet Invasion
Simon & Schuster, 1997. ISBN: 0-684-82464-7. Pp. 315. $24.00.

Reviewed by Nick Christenson
<npc@jetcafe.org>

Since Cliff Stoll wrote Cuckoo's Egg in 1989, we've been inundated with similar books about wily hackers, their exploits, and how they were finally caught. At Large is another one of these, detailing the exploits of Phantom Dialer, a kid from Oregon who broke into many hundreds of computers over the Internet in the early 1990s.

The book is not without its share of hyperbole, subtitled The Strange Case of the World's Biggest Internet Invasion. The liner notes claim that the book "is the astonishing, never-before-revealed tale of perhaps the biggest and certainly the most disturbing computer attack to date." Although the events are interesting and the account is reasonably well written, the story certainly doesn't live up to this hype. Yes, the perpetrator broke into a lot of computers. Yes, the book points out the inherent vulnerabilities of the Internet, although no more definitively than any other book of the genre. Yes, some folks lost a fair bit of sleep over these incidents. But on the "disturbing" index, this story doesn't crack the top ten.

I would have reacted more positively to this book if it weren't for all the hype it presented. I feel it's implied that we're going to be blown away by the exploits related here, but let's face it: Phantom Dialer didn't do truly massive amounts of damage to computer systems all over the world, although he certainly could have. He just broke into them. It wasn't the case that nobody could track him down; it's just that (1) the legal system wasn't ready at that time for a case like this, (2) law enforcement wasn't interested because they didn't understand the threat, and (3) many, if not most, of his victims didn't care much that they had been penetrated. Big, yes, a problem for many people, yes, the "most disturbing computer attack to date, " sorry, no.

Additionally, the book fails to discuss any of the significant changes that have been made in the laws and law enforcement that make Phantom Dialer a less significant threat today than six years ago. Although Internet security is still woefully inadequate, exactly this sort of invader is much less likely to get this far or last this long. I'm not saying that the Internet isn't vulnerable or that these sorts of attacks won't work, but there are more folks paying attention to security these days, and their remedies are more rapid and precise. It is much less hard to keep a Phantom Dialer out of one's network these days than it was. There are still very significant threats to one's networks, but this guy isn't one I'm worried about.

Still, it is an account of a hacking/cracking story that heretofore had not received much, if any, public distribution. It's a story that's worth hearing, but quite honestly, the important parts of the book could have been related as an article in Wired and not lost anything. Add At Large to the list of unremarkable, although by no means embarrassing, similar works.

I would guess that reactions to this book will be mixed. Those with any understanding of the state of Internet security won't be surprised or shocked by anything in the book. Those who are interested, but nontechnical, may be shocked and appalled. If they are, so much the better for the state of the Internet. Those involved with the hacking/phreaking community will probably feel that the book is another lame attempt by the conventional press that fails to reveal anything worthwhile about what they're really like. I would have no counterarguments for any of these claims.

At its heart, this book is yet another unremarkable attempt to duplicate the greatness of Cuckoo's Egg. I found it mildly entertaining to see how folks I know are depicted, and it does help make some sense out of the CERT advisories circulated at the time, but that's about it. Read it if you feel you must, but don't expect greatness.

Capsule

If you enjoy reading every book of this genre, you'll find it about as good as most. If you were involved in Internet security in the early 1990s, this book will help explain some of what was going on and why. Unfortunately, the book in no way lives up to the hype on the jacket. It's another passable, if unremarkable, story of computer security violations riding the coattails of the excellent Cuckoo's Egg.